People will tell you that there are some
things in the world you just can't teach.
Carolyn Meinel would
probably be among
the first to disagree. She has set about the task of teaching a skill she
feels will be increasingly important in the years to come -- hacking.
This mother of four, horse-trainer, and sometimes professor at the
University of New Mexico produces The Happy Hacker, a mailing list
devoted to bringing would-be hackers into the fold. Its methods, simple;
its results, startling. Through an up-beat, up-tempo style, littered with
"You Can Go to Jail for This" warnings, Mrs. Meinel makes it not only fun,
but also easy to learn basic hacking skills. Carolyn recently took the time
to have a little talk with verbosity about her endeavors, past,
present, and future.

verbosity:
Okay, your background differs from a lot of the hacker stereotypes we
see today. Can you tell us a little about yourself and how you got into
hacking?

Carolyn Meinel:
My first husband, H. Keith Henson, is a dynamite hacker
with a gonzo sense of humor. When we got married in 1967, I was an Earth
Mother type, content to bake bread, sew, garden and raise children and
chickens. But one day in
June 1971, Keith abruptly bundled me off to a University of Arizona summer
class in Fortran programming. I was hooked.

v: What
inspired you to start The Happy Hacker? What do you
hope to accomplish as a result of it?

CM:
All sorts of guys were begging me, "Teach me how to hack."
I'm an industrial
engineer (MS, U of Arizona, 1983). I believe in efficiency. Instead of
teaching all these guys one-on-one, I figured I'd set up a production line.
Also, a bunch of elite hackers joined the list so they can show off how
brainy they are. So they end up doing most of the work. I'm learning more
than I teach.

v: Have you gained any negative feedback from your work? Any
hackers getting incensed? Any attempted hacks on your person?

CM:
Yeah. Hacker war-time. Here's a sample flame from a guy styling
himself "se7en": "You're claiming membership in a community you have
contributed nothing to, and are raping for information for your own
financial gain. You resort to blatant theft of material and ideas from
others so you can further your financial agenda."

What really
bugs se7en and others like him is that I'm sharing hacking
information with anyone who wants to learn. I'm showing people that hacking
is actually easy to do. And they're afraid I'll someday make money on a book
about hacking. Tough.

I had to move
The Happy Hacker list twice after it got hacked.
Most system administrators chicken out in the face of even mild hacker
attacks.
But
now we are being hosted by Cibola Communications in El Paso as a public
service. Cibola sysadmin Patrick Rutledge and the head sysadmin at the
University of Texas at El Paso, Gerard Cochrane Jr., are now holding the
hack attacks at bay.
Actually,
so far the hack attacks have been pretty lame. So that tells me
none of the truly elite hackers are excessively ticked off at The Happy
Hacker list.

v: You're a strong advocate of responsible hacking. What would
you define as responsible in the world of hacking?

CM:
Anything short of accidentally setting off World War III.

Seriously,
you can hack without breaking the law and without harming anyone.
Even the hairiest hacks such as breaking into the superuser account of a
computer or making it crash can be OK if the owner of the computer has
consented to the experiment. In fact, sometimes several hackers make an
agreement try to break into each other's computers. It's the most
exhilarating game on the planet!

Bottom line:
follow the Golden Rule. It worked in Jesus' day. It still works
today.

v: What advice would you give a young pup, ready to break into
the world of bona fide hacking?

CM:
Get
a college degree in either math, computer science, electrical
engineering or industrial engineering. These all give you the theoretical
foundations you need to reach the stratosphere of the hacker world. Also,
spend every extra cent you have on computer manuals.

Gerard Cochrane, Jr.,
is a great example. He's a graduate student in
computer
science and owns $40,000 worth of manuals. He has several secret hacker
identities, each one more elite than the last. "Kewl d00d" uneducated
hackers are totally left in the dust when they try to attack his University
of Texas at El Paso (UTEP) computers. In fact, sometimes people who try to
hack UTEP suffer mysterious problems...

Jerry
adds, "A quest for knowledge is the biggest need. Hackers explore
possibilities and are not bound by traditions...we always wonder how can it
be done. We tend to self teach subjects not covered in traditional
schooling. I would say hackers are the Electronic Scholars of this day and
age."

Now
Patrick Rutledge has a slightly different perspective. He doesn't have a
college degree (yet). But Patrick tells me "I think the best hackers are
uneducated but curious 12-year-olds with their older brother's Commodore
64's and that is no joke, they are probably the only people on the net who
truly scare me. You don't need a PhD to hack a system, actually SOME PhD's
are the most clueless people I know anyways, but maybe they are just as
scary. No offense if you know/are/see any PhD's ;)"

The
important thing to remember is that it is much harder to defend a
computer than to attack it. If you can get a job as a sysadmin, you can have
all the fun of hacking but do it as the good guy. And you'll know you are
vastly better than the "code kiddies" who go to places like the Scriptors of
Doom website to pick up programs (e.g. Perl scripts) to use to break into
people's computers. You'll be vastly better because every day you'll be
checking out all the websites and e-mail lists where hackers pass out these
"exploit programs." You'll be the one figuring out ways to keep these
programs from hacking your computers.

But
the guys who are atttacking you will mostly be ordinary back-alley
hackers who barely know how to run a program, much less patch a computer so
it resists an exploit program.

v: Do you feel that there's been a bastardization of the term
"hacker" in recent years? Is it becoming too synonymous with "warez
puppy" in many people's eyes?

CM:
I'm
even more worried about the confusion of us old-fashioned
harmless hackers with criminals who enjoy "cracking" into the computer
of someone who doesn't consent to the attack. These crackers often do
serious damage before they leave. The hacker code of ethics -- yes, it
does exist -- says you should never harm anyone else's computer.

I'm also
bothered by people who ascribe almost supernatural talents to
hackers. Like the Superman episode in which Jimmy complains that a hacker
blew up his TV. OK, it was meant as a joke. But does the average Superman
viewer know that it is impossible for someone to use a computer to blow up
his or her TV?

v:
In recent months, the media has been giving increased coverage to
hackers and their deeds? How do you feel about the way the media has been
treating hackers? How about the hacks on government web sites?

CM:
The
media should get a life. Sheesh, they make such a big deal over this
stuff, like it takes an act of supreme genius to steal credit card numbers
or hack a Web site.

On
the other hand, putting pornography up on a government Web site was
pretty childish. If I were to hack a Web site, it would be to play out a
harmless practical joke on a good friend. Oh, oh, I can see all my friends
rushing out to secure their Web sites...

v:
As a hacker, how secure would you feel in ordering products via the
Internet with your credit card? Is the technology approaching hack-proof,
or is there still a long ways to go?

CM:
I've
had my credit card abused. Big deal. Two teenagers used it to buy
computer games and subscribe all their friends to Prodigy. I protested the
charges and got them removed.

You
are more likely to get your credit card misused by buying something from
a telephone solicitor than through some sort of computer attack. In fact,
that was how those teens got my credit card number. They pretended to
represent my ISP.

So,
yes, we still have a long way to go on credit card security. But
compared to all the other ways to commit credit card fraud, the Internet is
still in the noise level.

v:
What would you say is the "best" (or most impressive) hack you've ever
been made aware of?

CM:
It
was back before most of today's hackers were even born. In 1968 a group
of computer scientists at the University of Illinois at Urbana-Champaign got
funding from the Advanced Research Projects Agency to set up the first
nationwide computer network: Plato. It was four CDC 6400s ganged together.
Attached to them were 1024 dumb vector graphics terminals with
touch-sensitive screens.

Plato
hosted the first flight simulation programs in history. We could fly
MIGs, Phantoms, F-104s, X-15s, Sopwith Camels -- you name it. Anyhow, these
simulators were all tied into this air fight game. We'd buzz around shooting
each other down and bombing each other's airports. We also could hurl
insults at each other via text messages displayed at the bottom of the
screen. I remember making too tight a turn in my Phantom while trying to
evade an air-to-air missile. The screen went blank to simulate me blacking
out. Then the message cam up: "You just pulled 47 g's on that turn. You now
look more like a pizza than a human being as you slowly flutter to Earth."

Of
course this was just too good to resist. One day in 1974 (I think) some
guys programmed in the Starship Enterprise. They came bombing in from outer
space, shot everybody down and then vanished.

v: Hollywood has also become interested in the hacker over the
past decade, dating as far back as War Games. Do you feel that their
portrayal has been a positive thing for the hacking community?
Do you have any personal favorite hacking movies?

CM:
I
adore Sneakers (1994 release). The writer/producer, Larry Lasker, is
really into this stuff. Basing a plot on what would happen if someone were
to discover a polynomial-time-bounded algorithm for factoring numbers is
beyond cool. The car chases and murders were pretty good, too. And the sex
scenes. OK, just kidding there. Sneakers has no sex scenes and minimal
violence. It's a great movie to show to children, yet is deep enough to
entrance even a jaded, ancient hacker like me.

v: Where do you see the Internet five years from now?

CM:
I
can hardly wait for China Online and a billion clueless newbies posting to
Usenet. Hackers from Uzbekhistan and Madagascar ping flooding each other off
IRC. Spam from Mongolia. Kewl.

v:
Where do you see yourself five years from now? Any upcoming projects
you'd like to talk about?

CM:
I
want to improve my wool-spinning and bread-baking skills. Maybe some of my
four daughters will have produced grandchildren by then. I figure around age
two or three is a good time to start them on hacking.

v: What's the typical daily routine for Carolyn Meinel?

CM:

6:00 AM -- feed horses

6:30 AM -- read e-mail

7:00 AM -- do something to make money

7:15 AM -- wow, I wonder if it will work! I get on my shell account
and try out a new way to forge headers on e-mail

8:00 AM -- try again to do something that makes money

8:15 AM -- rush over to Scriptors of Doom website to check out the
latest HP exploit code. Regret that no one will give me permission to try
to crack their HP box.